Understanding VLAN Pool Roles in Cisco ACI: Internal vs External or On-the-Wire

In Cisco ACI, VLAN pools are used to define ranges of VLAN IDs that can be assigned to endpoints. Each VLAN range must be assigned a role, which determines how the VLANs are used within the fabric. There are two primary roles: 'Internal' and 'External or On-the-Wire'. This blog post explains the differences between these roles, their behaviors, and typical use cases.

1. Internal VLAN Pool Role

The 'Internal' role is used for VLANs that are strictly for intra-fabric communication. These VLANs are not exposed outside the ACI fabric and are used for internal encapsulation and mapping EPGs to VXLAN VNIDs.

Use Cases:

·       EPG-to-EPG communication within the fabric

·       Service chaining ( Service Graphs etc.) or internal-only applications

·       solated tenants or test environments

2. External or On-the-Wire VLAN Pool Role

The 'External or On-the-Wire' role is used for VLANs that are visible outside the ACI fabric. These VLANs are preserved on the wire and are used for external connectivity such as L2Out, L3Out, bare-metal servers, and VMM domains.

Use Cases:

·       Integration with legacy VLAN-based networks

·       VMM integration where VLANs must match hypervisor configurations

·       Bare-metal servers requiring specific VLANs

Summary Comparison

Role	Visibility	VLAN ID Preservation	Typical Use Case
Internal	Fabric-only	No	Internal EPGs, service chaining, isolated tenants
External or On-the-Wire	Exposed on physical wire	Yes	L2/L3Out, VMM, bare-metal, legacy integration

ACI Errors

1. Error 400 - the messaging layer was unable to deliver the stimulus (no replica is available)

Resolution - This error occurs when there is issue with the APIC inter communication. please check if the APIC cluster is healthy.

2. Error: 400 - Cannot configure if dFromPort = 0 and dToPort != 0 Dn0=uni/tn-T1/flt-Filter-tcp80/e-Entry_TCP80

Resolution - Check the Destination From and To field in the ACI filters. If you want to filter some specific port like port http then select http on both FROM and TO field. 

You cannot have unspecified in  FROM and http in TO field.

What is Cisco transceiver QSFP-100G-FR

QSFP-100G-FR is a Cisco transceiver for 100G connectivity over single mode fibre.

Feature	Description
Form Factor	QSFP28 (Quad Small Form-factor Pluggable)
Data Rate	100 Gbps
Reach	Up to 2 kilometers
Fiber Type	Single-Mode Fiber (SMF)
Connector Type	LC Duplex
Wavelength	1310 nm

How different componet of ACI fits together

1.  VLAN Pool → defines VLANs (e.g., VLAN 113)
2. Domain → links to VLAN Pool (e.g., Physical Domain)
3. AEP → links to Domain
4. Interface Policy Group → links to AEP
5. Interface Profile → applies Interface Policy Group to a port
6. Switch Profile → applies Interface Profile to a switch
7. EPG → statically binds to the port using VLAN from the pool

Basic Vs Standard Public Ip Adddress SKU in AZURE

 Publick IP address in Azure is available in two SKUs.

Below are the key dfferences between Basic and Standard Public IP addresses.

IP Helper address in NXOS

 In NX-OS, the command equivalent to Cisco IOS's ip helper-address for DHCP relay is ip dhcp relay address. Both commands serve the same purpose: forwarding DHCP requests from clients to a DHCP server located on a different subnet.

Single-Mode Fiber (SMF) Vs Multimode Fiber (MMF)

The main difference between single-mode and multimode fiber optic cables lies in how they transmit light and the distances they can cover: